
CVE-2025-70151: n/a

High
Published: Wed Feb 18 2026 (02/18/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.

AI-Powered Analysis

Last updated: 02/19/2026, 12:06:51 UTC

Technical Analysis

CVE-2025-70151 affects code-projects Scholars Tracking System version 1.0 and is an unrestricted file upload (CWE-434). Two endpoints, update_profile_picture.php and upload_picture.php, accept files from authenticated users and write them into the web-accessible uploads/ directory under the original, client-supplied filename, with no check of the file's content type or extension. An attacker therefore uploads a file with a .php extension and then requests it under /uploads/; the web server hands it to the PHP interpreter, which runs it, giving remote code execution with the privileges of the web server user.

The CVSS v3.1 base score is 8.8 (High), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: exploitable over the network, low attack complexity, low privileges (any authenticated account that can reach the upload endpoints, no administrative role needed), no user interaction, scope unchanged, and high impact on confidentiality, integrity and availability. Code execution as the web server user gives the attacker the application's database credentials and data, the ability to alter or take down the service, and a foothold from which to pivot to other internal systems.

No patches or fixes are linked at the time of writing and no public exploit has been reported, but the vulnerability is publicly disclosed and the exploitation path requires nothing beyond a valid login and two HTTP requests, so it should be treated as urgent.
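The upload-then-request sequence described above leaves a recognisable trace in web-server access logs. The following is an added example, not code from the Scholars Tracking System or from this advisory: a PHP CLI script that parses combined-format log lines and flags a client that POSTs to either upload endpoint and then successfully fetches a script-like path under /uploads/. The endpoint and directory names come from the advisory; the log lines are constructed and the function names and severity labels are assumptions.

```php
<?php
// Added example (not part of the advisory or the product): flag the
// upload-then-execute sequence in Apache/nginx combined-format access logs.
// The endpoint names come from the advisory; the log lines are constructed.
declare(strict_types=1);

const UPLOAD_ENDPOINTS = ['/update_profile_picture.php', '/upload_picture.php'];
// Anything under /uploads/ that a default PHP setup might hand to the engine.
const EXEC_PATTERN = '#^/uploads/.*\.(php\d?|phtml|phar)(\?|$)#i';

/** Parse one combined-format line into client IP, method, path and status. */
function parse_access_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'method' => $m[2], 'path' => $m[3], 'status' => (int) $m[4]];
}

/**
 * Return one alert per request for a script-looking file under /uploads/ that
 * the server actually served (2xx). A client that previously POSTed to one of
 * the upload endpoints is rated HIGH; anyone else MEDIUM (a file may already
 * be planted, or the request may come through a different address).
 */
function find_upload_exec_chains(array $lines): array
{
    $uploaded = [];   // ip => true once an upload POST has been seen
    $alerts   = [];
    foreach ($lines as $line) {
        $r = parse_access_line($line);
        if ($r === null) {
            continue;
        }
        $path = strtok($r['path'], '?');   // drop the query string
        if ($r['method'] === 'POST' && in_array($path, UPLOAD_ENDPOINTS, true)) {
            $uploaded[$r['ip']] = true;
        } elseif (preg_match(EXEC_PATTERN, $r['path']) && $r['status'] < 300) {
            $severity = isset($uploaded[$r['ip']]) ? 'HIGH' : 'MEDIUM';
            $alerts[] = sprintf('%s %s requested %s (%d)', $severity, $r['ip'], $path, $r['status']);
        }
    }
    return $alerts;
}

// Constructed sample: a benign avatar upload, then an attacker uploading a
// PHP file through the other endpoint and invoking it.
$sample = [
    '10.0.0.5 - - [18/Feb/2026:10:00:01 +0000] "POST /upload_picture.php HTTP/1.1" 302 -',
    '10.0.0.5 - - [18/Feb/2026:10:00:02 +0000] "GET /uploads/avatar.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/Feb/2026:10:05:10 +0000] "POST /update_profile_picture.php HTTP/1.1" 302 -',
    '203.0.113.9 - - [18/Feb/2026:10:05:12 +0000] "GET /uploads/shell.php?c=id HTTP/1.1" 200 61',
];
foreach (find_upload_exec_chains($sample) as $alert) {
    echo $alert, PHP_EOL;
}
```

Run with `php detect.php` (the sample is embedded); on a real host, read the access log into `$lines` instead. The MEDIUM tier matters after the fix is deployed as well: any 2xx for a .php path under /uploads/ means a script is still present and still being executed, regardless of whether the upload that planted it is in the retained logs.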

Potential Impact

For European organizations using the Scholars Tracking System 1.0, this vulnerability poses a significant risk. Successful exploitation can lead to full compromise of the affected web server, resulting in unauthorized access to sensitive student and academic data, disruption of services, and potential lateral movement within the network. Given the high confidentiality and integrity impact, organizations may face regulatory consequences under GDPR if personal data is exposed or altered. The availability impact could disrupt academic operations and damage institutional reputation. Because the upload endpoints require only an ordinary authenticated session, a single compromised, shared or phished student or staff account is enough; no administrative privilege is needed, so insider misuse and credential theft are the realistic entry points. The threat is particularly concerning for educational institutions and research bodies in Europe that rely on this system for managing scholar information.

Mitigation Recommendations

Immediate mitigation should focus on the upload handlers themselves. Validate uploads server-side and allow only the image formats the feature needs (for example JPEG and PNG): check the file signature (magic bytes) and the parsed image header, not the client-supplied Content-Type or extension, and reject anything that does not pass. Generate the stored filename on the server (for example a random token plus an extension chosen from the detected type) and discard the original name entirely, since the user-controlled name is what lets a .php file land in uploads/. Store uploads outside the web root and serve them back through a script that only reads and returns image data; if the existing uploads/ directory must stay web-accessible, configure the web server to refuse to execute or serve scripts there (for Apache, an .htaccess rule in uploads/ that denies .php, .phtml and .phar files, or disables the PHP engine for that directory). If a fix cannot be applied quickly, disable the two upload endpoints temporarily. A web application firewall rule that blocks multipart uploads whose filename ends in a script extension, and any request for a .php path under /uploads/, adds a compensating layer but does not replace the code fix. Because exploitation needs only a valid login, enforce strong authentication, remove stale accounts, and apply the principle of least privilege to ordinary users. Finally, audit the current contents of uploads/ for non-image files, and log and alert on upload requests followed by requests for script files under /uploads/ so that exploitation attempts are caught promptly.
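The unsafe pattern the description and technical analysis attribute to the two endpoints, beside a hardened replacement that applies the controls above, as an added example in PHP (not code from code-projects or from this page). The function names `validate_image_upload` and `store_profile_picture`, the form field `picture`, the storage directory and the size limit are assumptions; the checks rely on `finfo` (fileinfo extension, enabled by default) and `getimagesize`, both standard PHP.

```php
<?php
// Added example (not code from the Scholars Tracking System): a hardened
// profile-picture upload handler contrasted with the unsafe pattern the
// advisory describes. Function names, field name, directory and size limit
// are assumptions.
declare(strict_types=1);

// Unsafe pattern described in the advisory: the client-supplied name, including
// its extension, is written straight into the web-accessible uploads/ directory.
//   move_uploaded_file($_FILES['picture']['tmp_name'],
//                      __DIR__ . '/uploads/' . $_FILES['picture']['name']);
// Uploading a .php file and then requesting it under /uploads/ executes it.

/** Extension is chosen from the detected content type, never from the client. */
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;   // assumed limit for a profile picture

/**
 * Validate a temporary upload and return the safe extension to store it under.
 * Throws on anything that is not a real image of an allowed type.
 */
function validate_image_upload(string $tmpPath, int $size): string
{
    if ($size <= 0 || $size > MAX_IMAGE_BYTES) {
        throw new RuntimeException('invalid size');
    }
    // Content sniffing: libmagic on the bytes, not the client's Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('not an allowed image type: ' . $mime);
    }
    // Second, independent check: the image header must parse and agree.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('image header does not parse');
    }
    return ALLOWED_IMAGE_TYPES[$mime];
}

/**
 * Move a validated upload from $_FILES into a directory outside the web root
 * under a random, server-generated name. Returns the stored file name.
 */
function store_profile_picture(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $ext  = validate_image_upload($file['tmp_name'], (int) $file['size']);
    $name = bin2hex(random_bytes(16)) . '.' . $ext;   // original name is discarded
    $dest = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the app, never executable
    return $name;
}

// Offline self-check when run from the CLI: a constructed PNG header is
// accepted, a PHP payload is rejected whatever extension it claims.
if (PHP_SAPI === 'cli') {
    $png = tempnam(sys_get_temp_dir(), 'up');
    // 8-byte PNG signature + IHDR chunk for a 1x1 image (constructed sample).
    file_put_contents($png, "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
        . pack('NN', 1, 1) . "\x08\x02\x00\x00\x00" . pack('N', 0));
    echo 'png -> ', validate_image_upload($png, filesize($png)), PHP_EOL;

    $php = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($php, "<?php system(\$_GET['c']); ?>");   // constructed payload
    try {
        validate_image_upload($php, filesize($php));
    } catch (RuntimeException $e) {
        echo 'php payload rejected: ', $e->getMessage(), PHP_EOL;
    }
    unlink($png);
    unlink($php);
}
```

In the web handler, call `store_profile_picture($_FILES['picture'], '/var/lib/scholars/uploads')` with a directory outside the document root, and serve images back through a script that checks the requested name against the `32 hex characters + known extension` shape before reading it. For an uploads/ directory that must remain web-accessible, an uploads/.htaccess containing `<FilesMatch "\.ph(p[0-9]?|tml|ar)$">Require all denied</FilesMatch>` stops Apache 2.4 from serving PHP files that are already present; with mod_php, `php_flag engine off` in the same file disables execution there entirely.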


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2026-01-09T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6996fb498fb9188dea8c09b0

Added to database: 2/19/2026, 12:00:09 PM

Last enriched: 2/19/2026, 12:06:51 PM

Last updated: 2/21/2026, 12:17:32 AM
